21e3425e76
* feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
71 lines
2.1 KiB
Go
71 lines
2.1 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/authorizerdev/authorizer/server/constants"
|
|
"github.com/authorizerdev/authorizer/server/enum"
|
|
"github.com/authorizerdev/authorizer/server/oauth"
|
|
"github.com/authorizerdev/authorizer/server/session"
|
|
"github.com/authorizerdev/authorizer/server/utils"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// set host in the oauth state that is useful for redirecting
|
|
|
|
func OAuthLoginHandler() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// TODO validate redirect URL
|
|
redirectURL := c.Query("redirectURL")
|
|
role := c.Query("role")
|
|
|
|
if redirectURL == "" {
|
|
c.JSON(400, gin.H{
|
|
"error": "invalid redirect url",
|
|
})
|
|
return
|
|
}
|
|
|
|
if role != "" {
|
|
// validate role
|
|
if !utils.IsValidRole(constants.ROLES, role) {
|
|
c.JSON(400, gin.H{
|
|
"error": "invalid role",
|
|
})
|
|
return
|
|
}
|
|
} else {
|
|
role = constants.DEFAULT_ROLE
|
|
}
|
|
|
|
uuid := uuid.New()
|
|
oauthStateString := uuid.String() + "___" + redirectURL + "___" + role
|
|
|
|
provider := c.Param("oauth_provider")
|
|
|
|
switch provider {
|
|
case enum.Google.String():
|
|
session.SetToken(oauthStateString, enum.Google.String())
|
|
// during the init of OAuthProvider authorizer url might be empty
|
|
oauth.OAuthProvider.GoogleConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/google"
|
|
url := oauth.OAuthProvider.GoogleConfig.AuthCodeURL(oauthStateString)
|
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
|
case enum.Github.String():
|
|
session.SetToken(oauthStateString, enum.Github.String())
|
|
oauth.OAuthProvider.GithubConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/github"
|
|
url := oauth.OAuthProvider.GithubConfig.AuthCodeURL(oauthStateString)
|
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
|
case enum.Facebook.String():
|
|
session.SetToken(oauthStateString, enum.Github.String())
|
|
oauth.OAuthProvider.FacebookConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/facebook"
|
|
url := oauth.OAuthProvider.FacebookConfig.AuthCodeURL(oauthStateString)
|
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
|
default:
|
|
c.JSON(422, gin.H{
|
|
"message": "Invalid oauth provider",
|
|
})
|
|
}
|
|
}
|
|
}
|